[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: WG next steps

To: "'Peter Tattam'" <peter@jazz-1.trumpet.com.au>, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Subject: RE: WG next steps
From: "Hesham Soliman (EAB)" <hesham.soliman@era.ericsson.se>
Date: Fri, 15 Nov 2002 01:12:30 +0100
Cc: Tony Li <Tony.Li@procket.com>, Michel Py <michel@arneill-py.sacramento.ca.us>, Shane Kerr <shane@ripe.net>, Brian Carpenter <brian@hursley.ibm.com>, multi6@ops.ietf.org


  > This is intuitively correct, but I have a hunch that 
  > pushing the intellegence
  > into the end points raises a whole bunch of security 
  > problems.  Traditionally
  > we believe routers have been secure (this may not be case 
  > in reality), and this
  > has been the motivation to find a solution that does not 
  > entail end point
  > intelligence to solve the MH problem.

=> I don't think pushing the intelligence to the 
end points will introduce additional security threats
to those introduced by allowing routers to do the job. 
The problem is the same: change address from A to B.
Solving it using routers or end hosts will not change the
problem (ok PI is a different case). 

The obvious reason for doing it in end hosts is scalability. 
Another advantage with using the end host is that the
security issues are well understood, for example if 
MIPv6 is used, we will have a pretty good idea of the 
level of security required to do the job.

Hesham

Follow-Ups:
- RE: WG next steps
  - From: Peter Tattam <peter@jazz-1.trumpet.com.au>

Prev by Date: Re: WG next steps
Next by Date: RE: WG next steps
Previous by thread: Re: WG next steps
Next by thread: RE: WG next steps
Index(es):
- Date
- Thread